On 05.12.19 15:12, Steve Martin wrote:
Hello,my name is Steve Martin and I am a student at Ruhr University Bochum. I have a few questions regarding the implementation of encryption and decryption process in LibreOffice. I found some informations at:http://docs.oasis-open.org/office/v1.2/os/OpenDocument-v1.2-os-part3.html#__RefHeading__752815_826425813about the encryption process.I know since LibreOffice v3.5 AES-256 (in CBC mode) is using. I using LibreOffice v6.3. Is there a official specification on the implementation of encryption and decryption in LibreOffice documents (Which algorithms can be used, what exactly is the procedure, which coding methods are used, how will the data be processed (padding))? Where I can find this sepcification?
i'm not aware of anything specific to LO, just the file format specifications from OASIS and Microsoft.
in addition to ODF encryption, which is not ideal but at least somewhat competent, there are various legacy hashing & encryption schemes supported for interoperability with legacy formats, such as binary MSO files; these can be arbitrarily bad ("XOR encryption").
iirc Microsoft Office's non-standard OOXML encryption is also implemented, but i don't know anything about that... presumably this is well designed, seeing as it's the newest design.
oh, one thing that's odd that comes to mind about ODF encryption is there's some addChaffWhenEncryptedStorage function to add XML comments with random characters; i forgot what problem that was supposed to solve.